Indefinite AWS MFA auth loop when running DBT with Redshift IAM auth #22
Comments
@ags2121 Thanks for opening! This seems frustrating; let's find a way to make it better. I'm also not an AWS/IAM expert, so any input from community members better-versed than me would be greatly appreciated.

I believe the relevant bit of code in

It looks like there are a few older tools + discussions for caching boto3 sessions, specifically with the goal of avoiding repeated MFA:

The suggested approach leverages a standard AWS cache file. So a really hacky version of that might look like (replacing the code above):

```python
else:
    from botocore import credentials
    import botocore.session
    import boto3
    import os

    # By default the cache path is ~/.aws/boto/cache
    cli_cache = os.path.join(os.path.expanduser('~'), '.aws/cli/cache')

    # Construct botocore session with cache
    botocore_session = botocore.session.Session(profile=iam_profile)
    botocore_session.get_component('credential_provider').get_provider('assume-role').cache = credentials.JSONFileCache(cli_cache)

    # Create boto3 session + client
    boto_session = boto3.Session(
        botocore_session=botocore_session,
        profile_name=iam_profile
    )
    boto_client = boto_session.client('redshift')
```

So perhaps you could try:

And see if that gets us anywhere?
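An added example, not code from this thread or from dbt: a stdlib-only check of a credential cache directory such as the `~/.aws/cli/cache` path used above, reporting whether each cached entry is still valid and whether its file is accessible beyond the owner. It assumes each cache file is JSON carrying a `Credentials.Expiration` timestamp; the function names and the sample files are constructed for illustration.

```python
import json
import os
import re
import stat
import tempfile
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the constructed sample


def parse_expiration(text):
    # Assumption: Expiration is ISO 8601 text, possibly ending in "Z" or "UTC".
    text = re.sub(r"(Z|UTC)$", "+00:00", text)
    parsed = datetime.fromisoformat(text)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_cache(cache_dir, now):
    """Report expiry and file mode for each cached credential file in cache_dir."""
    findings = []
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as fh:
            expires = parse_expiration(json.load(fh)["Credentials"]["Expiration"])
        findings.append({
            "file": name,
            "group_or_world_access": bool(mode & 0o077),  # anything beyond owner-only
            "expired": expires <= now,  # an expired entry forces a new AssumeRole call
            "seconds_left": max(0, int((expires - now).total_seconds())),
        })
    return findings


def build_sample_cache():
    """Constructed sample: one live owner-only entry, one expired world-readable entry."""
    cache_dir = tempfile.mkdtemp()
    samples = {
        "fresh.json": ((NOW + timedelta(hours=1)).isoformat(), 0o600),
        "expired.json": ((NOW - timedelta(hours=1)).strftime("%Y-%m-%dT%H:%M:%S") + "UTC", 0o644),
    }
    for name, (expiration, mode) in samples.items():
        with open(os.path.join(cache_dir, name), "w") as fh:
            json.dump({"Credentials": {"Expiration": expiration}}, fh)
        os.chmod(fh.name, mode)
    return cache_dir


if __name__ == "__main__":
    print(audit_cache(build_sample_cache(), NOW))
```

Against a real cache, pass the cache directory and `datetime.now(timezone.utc)`; an empty directory or only expired entries means the next run will request a new MFA token.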
This issue has been marked as Stale because it has been open for 180 days with no activity. If you would like the issue to remain open, please remove the stale label or comment on the issue, or it will be closed in 7 days.
Describe the bug
I'm following the documentation here for now to set up IAM auth with Redshift profiles, but am encountering an issue where I am continually prompted to enter an MFA token.
Steps To Reproduce
See below for command and log output (the model code is trivial, it's just a simple select from a raw/base model):
And I know it's not necessarily an issue with my AWS config or DBT profiles, as I am able to connect successfully, for example when I run `debug` like so:

Here's the dbt profiles.yml I'm using in this test (FYI, the "transformers" group has the necessary DBT grants, like, create on DB):
Expected behavior
What I would expect to see instead is to be prompted once, and have that MFA token remain valid for some configurable duration.
Screenshots and log output
This is the log output of the `dbt run` command pasted above:

System information
Which database are you using dbt with?
The output of `dbt --version`:

The operating system you're using:

The output of `python --version`:

Additional context
Potentially relevant issues: